2014-02-25 11:17:48 -05:00
package main
import (
2015-05-01 18:01:10 -04:00
"archive/tar"
2014-02-25 11:17:48 -05:00
"fmt"
2015-01-24 16:08:47 -05:00
"io/ioutil"
"os"
2014-02-25 11:17:48 -05:00
"os/exec"
2015-01-13 13:46:32 -05:00
"strings"
"time"
2015-01-24 16:08:47 -05:00
2015-10-13 08:01:58 -04:00
"github.com/docker/docker/pkg/integration/checker"
2015-04-18 12:46:47 -04:00
"github.com/go-check/check"
2014-02-25 11:17:48 -05:00
)
2015-07-07 04:10:37 -04:00
// Pushing an image to a private registry.
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestPushBusyboxImage ( c * check . C ) {
2015-01-13 13:46:32 -05:00
repoName := fmt . Sprintf ( "%v/dockercli/busybox" , privateRegistryURL )
2015-02-26 21:23:50 -05:00
// tag the image to upload it to the private registry
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "tag" , "busybox" , repoName )
// push the image to the registry
dockerCmd ( c , "push" , repoName )
2014-02-25 11:17:48 -05:00
}
// pushing an image without a prefix should throw an error
2015-04-18 12:46:47 -04:00
func ( s * DockerSuite ) TestPushUnprefixedRepo ( c * check . C ) {
2015-10-13 08:01:58 -04:00
out , _ , err := dockerCmdWithError ( "push" , "busybox" )
c . Assert ( err , check . NotNil , check . Commentf ( "pushing an unprefixed repo didn't result in a non-zero exit status: %s" , out ) )
2015-01-13 13:46:32 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestPushUntagged ( c * check . C ) {
2015-01-13 13:46:32 -05:00
repoName := fmt . Sprintf ( "%v/dockercli/busybox" , privateRegistryURL )
2015-03-04 15:05:17 -05:00
expected := "Repository does not exist"
2015-10-13 08:01:58 -04:00
out , _ , err := dockerCmdWithError ( "push" , repoName )
c . Assert ( err , check . NotNil , check . Commentf ( "pushing the image to the private registry should have failed: output %q" , out ) )
c . Assert ( out , checker . Contains , expected , check . Commentf ( "pushing the image failed" ) )
2015-01-13 13:46:32 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestPushBadTag ( c * check . C ) {
2015-01-30 17:20:32 -05:00
repoName := fmt . Sprintf ( "%v/dockercli/busybox:latest" , privateRegistryURL )
expected := "does not exist"
2015-07-14 02:35:36 -04:00
2015-10-13 08:01:58 -04:00
out , _ , err := dockerCmdWithError ( "push" , repoName )
c . Assert ( err , check . NotNil , check . Commentf ( "pushing the image to the private registry should have failed: output %q" , out ) )
c . Assert ( out , checker . Contains , expected , check . Commentf ( "pushing the image failed" ) )
2015-01-30 17:20:32 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestPushMultipleTags ( c * check . C ) {
2015-01-30 17:20:32 -05:00
repoName := fmt . Sprintf ( "%v/dockercli/busybox" , privateRegistryURL )
repoTag1 := fmt . Sprintf ( "%v/dockercli/busybox:t1" , privateRegistryURL )
repoTag2 := fmt . Sprintf ( "%v/dockercli/busybox:t2" , privateRegistryURL )
2015-04-23 04:50:41 -04:00
// tag the image and upload it to the private registry
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "tag" , "busybox" , repoTag1 )
2015-01-30 17:20:32 -05:00
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "tag" , "busybox" , repoTag2 )
2015-08-12 21:32:23 -04:00
dockerCmd ( c , "push" , repoName )
2015-08-12 21:36:46 -04:00
// Ensure layer list is equivalent for repoTag1 and repoTag2
out1 , _ := dockerCmd ( c , "pull" , repoTag1 )
2015-10-13 08:01:58 -04:00
2015-08-12 21:36:46 -04:00
imageAlreadyExists := ": Image already exists"
var out1Lines [ ] string
for _ , outputLine := range strings . Split ( out1 , "\n" ) {
if strings . Contains ( outputLine , imageAlreadyExists ) {
out1Lines = append ( out1Lines , outputLine )
}
}
out2 , _ := dockerCmd ( c , "pull" , repoTag2 )
2015-10-13 08:01:58 -04:00
2015-08-12 21:36:46 -04:00
var out2Lines [ ] string
for _ , outputLine := range strings . Split ( out2 , "\n" ) {
if strings . Contains ( outputLine , imageAlreadyExists ) {
out1Lines = append ( out1Lines , outputLine )
}
}
2015-10-13 08:01:58 -04:00
c . Assert ( out2Lines , checker . HasLen , len ( out1Lines ) )
2015-08-12 21:36:46 -04:00
for i := range out1Lines {
2015-10-13 08:01:58 -04:00
c . Assert ( out1Lines [ i ] , checker . Equals , out2Lines [ i ] )
2015-08-12 21:36:46 -04:00
}
2015-01-30 17:20:32 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestPushEmptyLayer ( c * check . C ) {
2015-01-24 16:08:47 -05:00
repoName := fmt . Sprintf ( "%v/dockercli/emptylayer" , privateRegistryURL )
emptyTarball , err := ioutil . TempFile ( "" , "empty_tarball" )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "Unable to create test file" ) )
2015-01-24 16:08:47 -05:00
tw := tar . NewWriter ( emptyTarball )
err = tw . Close ( )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "Error creating empty tarball" ) )
2015-01-24 16:08:47 -05:00
freader , err := os . Open ( emptyTarball . Name ( ) )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "Could not open test tarball" ) )
2015-01-24 16:08:47 -05:00
importCmd := exec . Command ( dockerBinary , "import" , "-" , repoName )
importCmd . Stdin = freader
out , _ , err := runCommandWithOutput ( importCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "import failed: %q" , out ) )
2015-01-24 16:08:47 -05:00
// Now verify we can push it
2015-10-13 08:01:58 -04:00
out , _ , err = dockerCmdWithError ( "push" , repoName )
c . Assert ( err , check . IsNil , check . Commentf ( "pushing the image to the private registry has failed: %s" , out ) )
2015-01-24 16:08:47 -05:00
}
2015-07-20 01:56:10 -04:00
func ( s * DockerTrustSuite ) TestTrustedPush ( c * check . C ) {
repoName := fmt . Sprintf ( "%v/dockercli/trusted:latest" , privateRegistryURL )
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmd ( pushCmd )
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "Error running trusted push: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push" ) )
2015-07-20 01:56:10 -04:00
}
2015-07-21 23:36:22 -04:00
2015-10-09 15:14:34 -04:00
func ( s * DockerTrustSuite ) TestTrustedPushWithEnvPasswords ( c * check . C ) {
repoName := fmt . Sprintf ( "%v/dockercli/trusted:latest" , privateRegistryURL )
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmdWithPassphrases ( pushCmd , "12345678" , "12345678" )
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "Error running trusted push: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push" ) )
2015-10-09 15:14:34 -04:00
}
// This test ensures backwards compatibility with old ENV variables. Should be
// deprecated by 1.10
func ( s * DockerTrustSuite ) TestTrustedPushWithDeprecatedEnvPasswords ( c * check . C ) {
repoName := fmt . Sprintf ( "%v/dockercli/trusteddeprecated:latest" , privateRegistryURL )
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmdWithDeprecatedEnvPassphrases ( pushCmd , "12345678" , "12345678" )
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "Error running trusted push: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push" ) )
2015-10-09 15:14:34 -04:00
}
2015-12-05 05:42:46 -05:00
func ( s * DockerTrustSuite ) TestTrustedPushWithFailingServer ( c * check . C ) {
2015-07-21 23:36:22 -04:00
repoName := fmt . Sprintf ( "%v/dockercli/trusted:latest" , privateRegistryURL )
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
2015-10-08 14:10:38 -04:00
s . trustedCmdWithServer ( pushCmd , "https://example.com:81/" )
2015-07-21 23:36:22 -04:00
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . NotNil , check . Commentf ( "Missing error while running trusted push w/ no server" ) )
c . Assert ( out , checker . Contains , "error contacting notary server" , check . Commentf ( "Missing expected output on trusted push" ) )
2015-07-21 23:36:22 -04:00
}
func ( s * DockerTrustSuite ) TestTrustedPushWithoutServerAndUntrusted ( c * check . C ) {
repoName := fmt . Sprintf ( "%v/dockercli/trusted:latest" , privateRegistryURL )
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
2015-07-24 04:59:42 -04:00
pushCmd := exec . Command ( dockerBinary , "push" , "--disable-content-trust" , repoName )
2015-10-08 14:10:38 -04:00
s . trustedCmdWithServer ( pushCmd , "https://example.com/" )
2015-07-21 23:36:22 -04:00
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "trusted push with no server and --disable-content-trust failed: %s\n%s" , err , out ) )
c . Assert ( out , check . Not ( checker . Contains ) , "Error establishing connection to notary repository" , check . Commentf ( "Missing expected output on trusted push with --disable-content-trust:" ) )
2015-07-21 23:36:22 -04:00
}
func ( s * DockerTrustSuite ) TestTrustedPushWithExistingTag ( c * check . C ) {
repoName := fmt . Sprintf ( "%v/dockercli/trusted:latest" , privateRegistryURL )
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
dockerCmd ( c , "push" , repoName )
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmd ( pushCmd )
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "trusted push failed: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push with existing tag" ) )
2015-07-21 23:36:22 -04:00
}
2015-07-22 14:39:35 -04:00
func ( s * DockerTrustSuite ) TestTrustedPushWithExistingSignedTag ( c * check . C ) {
repoName := fmt . Sprintf ( "%v/dockerclipushpush/trusted:latest" , privateRegistryURL )
2015-07-21 23:36:22 -04:00
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
2015-07-22 14:39:35 -04:00
// Do a trusted push
2015-07-21 23:36:22 -04:00
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
2015-07-22 14:39:35 -04:00
s . trustedCmd ( pushCmd )
2015-07-21 23:36:22 -04:00
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "trusted push failed: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push with existing tag" ) )
2015-07-21 23:36:22 -04:00
2015-07-22 14:39:35 -04:00
// Do another trusted push
pushCmd = exec . Command ( dockerBinary , "push" , repoName )
2015-07-21 23:36:22 -04:00
s . trustedCmd ( pushCmd )
2015-07-22 14:39:35 -04:00
out , _ , err = runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "trusted push failed: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push with existing tag" ) )
2015-07-22 14:39:35 -04:00
dockerCmd ( c , "rmi" , repoName )
// Try pull to ensure the double push did not break our ability to pull
pullCmd := exec . Command ( dockerBinary , "pull" , repoName )
s . trustedCmd ( pullCmd )
out , _ , err = runCommandWithOutput ( pullCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "Error running trusted pull: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Status: Downloaded" , check . Commentf ( "Missing expected output on trusted pull with --disable-content-trust" ) )
2015-07-22 14:39:35 -04:00
2015-07-21 23:36:22 -04:00
}
2015-07-22 14:39:35 -04:00
func ( s * DockerTrustSuite ) TestTrustedPushWithIncorrectPassphraseForNonRoot ( c * check . C ) {
repoName := fmt . Sprintf ( "%v/dockercliincorretpwd/trusted:latest" , privateRegistryURL )
2015-07-21 23:36:22 -04:00
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
2015-07-22 14:39:35 -04:00
// Push with default passphrases
2015-07-21 23:36:22 -04:00
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
2015-07-22 14:39:35 -04:00
s . trustedCmd ( pushCmd )
2015-07-21 23:36:22 -04:00
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "trusted push failed: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push:\n%s" , out ) )
2015-07-22 14:39:35 -04:00
// Push with wrong passphrases
pushCmd = exec . Command ( dockerBinary , "push" , repoName )
2015-07-31 18:01:50 -04:00
s . trustedCmdWithPassphrases ( pushCmd , "12345678" , "87654321" )
2015-07-22 14:39:35 -04:00
out , _ , err = runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . NotNil , check . Commentf ( "Error missing from trusted push with short targets passphrase: \n%s" , out ) )
2015-11-12 15:09:31 -05:00
c . Assert ( out , checker . Contains , "could not find necessary signing keys" , check . Commentf ( "Missing expected output on trusted push with short targets/snapsnot passphrase" ) )
2015-07-21 23:36:22 -04:00
}
2015-07-22 21:46:59 -04:00
2015-10-09 15:14:34 -04:00
// This test ensures backwards compatibility with old ENV variables. Should be
// deprecated by 1.10
func ( s * DockerTrustSuite ) TestTrustedPushWithIncorrectDeprecatedPassphraseForNonRoot ( c * check . C ) {
repoName := fmt . Sprintf ( "%v/dockercliincorretdeprecatedpwd/trusted:latest" , privateRegistryURL )
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
// Push with default passphrases
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmd ( pushCmd )
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "trusted push failed: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push" ) )
2015-10-09 15:14:34 -04:00
// Push with wrong passphrases
pushCmd = exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmdWithDeprecatedEnvPassphrases ( pushCmd , "12345678" , "87654321" )
out , _ , err = runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . NotNil , check . Commentf ( "Error missing from trusted push with short targets passphrase: \n%s" , out ) )
2015-11-12 15:09:31 -05:00
c . Assert ( out , checker . Contains , "could not find necessary signing keys" , check . Commentf ( "Missing expected output on trusted push with short targets/snapsnot passphrase" ) )
2015-10-09 15:14:34 -04:00
}
2015-07-22 21:46:59 -04:00
func ( s * DockerTrustSuite ) TestTrustedPushWithExpiredSnapshot ( c * check . C ) {
2015-07-29 15:09:40 -04:00
c . Skip ( "Currently changes system time, causing instability" )
2015-07-22 21:46:59 -04:00
repoName := fmt . Sprintf ( "%v/dockercliexpiredsnapshot/trusted:latest" , privateRegistryURL )
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
// Push with default passphrases
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmd ( pushCmd )
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "trusted push failed: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push" ) )
2015-07-22 21:46:59 -04:00
// Snapshots last for three years. This should be expired
fourYearsLater := time . Now ( ) . Add ( time . Hour * 24 * 365 * 4 )
runAtDifferentDate ( fourYearsLater , func ( ) {
// Push with wrong passphrases
pushCmd = exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmd ( pushCmd )
out , _ , err = runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . NotNil , check . Commentf ( "Error missing from trusted push with expired snapshot: \n%s" , out ) )
c . Assert ( out , checker . Contains , "repository out-of-date" , check . Commentf ( "Missing expected output on trusted push with expired snapshot" ) )
2015-07-22 21:46:59 -04:00
} )
}
func ( s * DockerTrustSuite ) TestTrustedPushWithExpiredTimestamp ( c * check . C ) {
2015-07-29 15:09:40 -04:00
c . Skip ( "Currently changes system time, causing instability" )
2015-07-22 21:46:59 -04:00
repoName := fmt . Sprintf ( "%v/dockercliexpiredtimestamppush/trusted:latest" , privateRegistryURL )
// tag the image and upload it to the private registry
dockerCmd ( c , "tag" , "busybox" , repoName )
// Push with default passphrases
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmd ( pushCmd )
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "trusted push failed: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push" ) )
2015-07-22 21:46:59 -04:00
// The timestamps expire in two weeks. Lets check three
threeWeeksLater := time . Now ( ) . Add ( time . Hour * 24 * 21 )
// Should succeed because the server transparently re-signs one
runAtDifferentDate ( threeWeeksLater , func ( ) {
pushCmd := exec . Command ( dockerBinary , "push" , repoName )
s . trustedCmd ( pushCmd )
out , _ , err := runCommandWithOutput ( pushCmd )
2015-10-13 08:01:58 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "Error running trusted push: %s\n%s" , err , out ) )
c . Assert ( out , checker . Contains , "Signing and pushing trust metadata" , check . Commentf ( "Missing expected output on trusted push with expired timestamp" ) )
2015-07-22 21:46:59 -04:00
} )
}